Support Requests item #3118505, was opened at 2010-11-25 16:13
Message generated for change (Comment added) made by bunni35
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=541483&aid=3118505&group_id=74601
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Configuration
>Group: setkey
Status: Open
>Priority: 7
Private: No
Submitted By: Benoit LORAND (bunni35)
Assigned to: Nobody/Anonymous (nobody)
Summary: Uncrypt packet outgoing via wan interface
Initial Comment:
Hi all,
I have installed two linux gateway with ipsec-tools. when i launch ping from one network to other, the first one encrypt packet in esp (view with tcpdump), the second uncrypt the packet but send this one via eth0 who is my wan interface. Where should i specifie on wich interface unencrypt packet should go.
first gateway :
#!/usr/sbin/setkey -f
#
#Flush SAD and SPD
flush;
spdflush;
#Create policies for racoon
spdadd 172.16.84.0/24 172.16.74.0/24 any -P out ipsec esp/tunnel/[ip_wan1]-[ip_wan2]/require;
spdadd 172.16.74.0/24 172.16.84.0/24 any -P in ipsec esp/tunnel/{ip_wan2]-[ip_wan1]/require;
second gateway :
#!/usr/sbin/setkey -f
#
#Flush SAD and SPD
flush;
spdflush;
#Create policies for racoon
spdadd 172.16.74.0/24 172.16.84.0/24 any -P out ipsec esp/tunnel/[ip_wan2]-[ip_wan1]/require;
spdadd 172.16.84.0/24 172.16.74.0/24 any -P in ipsec esp/tunnel/[ip_wan1]-[ip_wan2]/require;
----------------------------------------------------------------------
>Comment By: Benoit LORAND (bunni35)
Date: 2010-12-03 10:41
Message:
On the screen attach we can see the problem. May someone have already see
that. I was in 2.6.33 kernel, i have updated to 2.6.36.1 but no change.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=541483&aid=3118505&group_id=74601